This extension integrates the Puppet Security Linter analysis right into Visual Studio Code, ensuring a perfect continuity in a developer's workflow.
The extension uses the puppet-sec-lint gem installed on the local computer. If the gem is not yet installed on the computer, install it by running gem install puppet-sec-lint.
More information on how to configure the linter can be found at the official github repository.
When an Puppet (.pp) file is created or opened, the extension automatically starts running in real time.
When a security vulnerabilty is detected, a warning is imediately displayed, accompanied by an underline on the affected code.
By clicking on the link present in the warning, it's possible to consult a page with more information reagrding the vulnerabilities, how they could be exploited and solutions to mitigate or solve them.
Initial release. It supports the real time analysis of any Puppet Manifest open in Visual Studio code.